44.204.18.94 72 kB IP 44.204.18.94:0
File type HTML document text; exported SGML document text; exported SGML document, Non-ISO extended-ASCII text, with very long lines (9721), with CRLF, LF line terminators
Hash 6dfca35736408d16cff8d360f6d91247
c1c6c0fdfeb8b10f30024d7d2927803747f0dc59
13514a163b6e86b987fa6872da55541ac97db8ffca127b3adec3fa5e37556e36
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET / HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:00 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
X-Powered-By: PHP/7.4.33
Link: <http://44.204.18.94/wp-json/>; rel="https://api.w.org/", <http://44.204.18.94/wp-json/wp/v2/pages/15>; rel="alternate"; type="application/json", <http://44.204.18.94/>; rel=shortlink
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.2.0/css/font-awesome.min.css
104.17.24.14 200 OK 4.0 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.2.0/css/font-awesome.min.css
IP 104.17.24.14:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (21822), with CRLF line terminators
Hash ed05bfd415df47c95c9f655b7a1fc6d4
2ef7f5881a8af7a2772f3829f5778a09ac53a1b1
50dbecb3ed007ae3c814e0c220f9e9a153d02fbafa3d9465c4b222042976a8ec
GET /ajax/libs/font-awesome/4.2.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 22:09:02 GMT
content-type: text/css; charset=utf-8
content-length: 4037
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-55e3"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 243296
expires: Wed, 20 Nov 2024 22:09:02 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p7vV2T6VStzEDhe%2FmHtM4O%2BMGI%2BVKJfFlCPU2fm0%2BxtMBcVViy4nTa8Mx5SBT%2BDDEERhfmPBpSDEmTfavHsxBb6s8nZDe7lyllxOTg%2Bt6GS4DJddqQ0HWzZCnFLiGMJz6nntdp%2B4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82eea6f468abb52d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
44.204.18.94 72 kB IP 44.204.18.94:0
File type HTML document text; exported SGML document text; exported SGML document, Non-ISO extended-ASCII text, with very long lines (9721), with CRLF, LF line terminators
Hash 6dfca35736408d16cff8d360f6d91247
c1c6c0fdfeb8b10f30024d7d2927803747f0dc59
13514a163b6e86b987fa6872da55541ac97db8ffca127b3adec3fa5e37556e36
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET / HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:01 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
X-Powered-By: PHP/7.4.33
Link: <http://44.204.18.94/wp-json/>; rel="https://api.w.org/", <http://44.204.18.94/wp-json/wp/v2/pages/15>; rel="alternate"; type="application/json", <http://44.204.18.94/>; rel=shortlink
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
44.204.18.94/wp-content/themes/paycron/style.css
44.204.18.94 200 OK 6.9 kB URL GET HTTP/1.1 44.204.18.94/wp-content/themes/paycron/style.css
IP 44.204.18.94:80
File type ASCII text, with CRLF line terminators
Hash 90938cf30c88b5ae3aef36a40e6036a5
8d1866f53a61aea118f2efccc5b29655f00c8e5a
d62b0590ebd7383df5d55036641241d61a21ad24b18c13dc17d81ed86ba8c844
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/themes/paycron/style.css HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 08 Nov 2023 10:37:33 GMT
ETag: "1b0a-609a1acc54598"
Accept-Ranges: bytes
Content-Length: 6922
Keep-Alive: timeout=5, max=100
Content-Type: text/css
44.204.18.94/wp-content/themes/paycron/css/owl.carousel.css
44.204.18.94 200 OK 7.6 kB URL GET HTTP/1.1 44.204.18.94/wp-content/themes/paycron/css/owl.carousel.css
IP 44.204.18.94:80
Hash 1658846d2dad93bb27c9d75ba691cea6
70bfb5e6274e77345897118f349ef1ba67fdf8e0
a9ee2183d2306fe5942bdd45d545ab2ab317c629f7e1f3852988d27e2f324ac7
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/themes/paycron/css/owl.carousel.css HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 08 Nov 2023 11:12:15 GMT
ETag: "1dd7-609a228e19d57"
Accept-Ranges: bytes
Content-Length: 7639
Keep-Alive: timeout=5, max=100
Content-Type: text/css
44.204.18.94/wp-includes/css/classic-themes.min.css?ver=6.2.3
44.204.18.94 200 OK 291 B URL GET HTTP/1.1 44.204.18.94/wp-includes/css/classic-themes.min.css?ver=6.2.3
IP 44.204.18.94:80
Hash 1a0804b1a9d09705657f91fe7cad4c5a
feeece6f0b3e0bcf090547c475329a2772f6b26b
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-includes/css/classic-themes.min.css?ver=6.2.3 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 08 Nov 2023 09:51:53 GMT
ETag: "123-609a1097d5bad"
Accept-Ranges: bytes
Content-Length: 291
Keep-Alive: timeout=5, max=100
Content-Type: text/css
www.googletagmanager.com/gtag/js?id=UA-148412512-1
142.250.74.168 200 OK 65 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-148412512-1
IP 142.250.74.168:443
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (3026)
Hash c039c47b5f6af4c6c65744135ea913b0
e64e76002c5b4175780c8d85c6a59db05d8e14d3
d372acccb1d39850ffabaa222070ac6e06b8b08e9cb3e70208fe075358dba3bb
GET /gtag/js?id=UA-148412512-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 01 Dec 2023 22:09:02 GMT
expires: Fri, 01 Dec 2023 22:09:02 GMT
cache-control: private, max-age=900
last-modified: Fri, 01 Dec 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64912
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
44.204.18.94/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css?ver=4.10.1
44.204.18.94 200 OK 14 kB URL GET HTTP/1.1 44.204.18.94/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css?ver=4.10.1
IP 44.204.18.94:80
File type ASCII text, with very long lines (13825), with no line terminators
Hash 91dae79d84791e79dfc8b84e2c7f15e5
ede13453fb61b42ccd04784933f6c67b74aa9a34
3668f6d335416599574fb1f336cbd2b9bb2f8fcff63e63a9ca3b68df4d0c6165
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css?ver=4.10.1 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 08 Nov 2023 11:27:50 GMT
ETag: "3601-609a2609a29e8"
Accept-Ranges: bytes
Content-Length: 13825
Keep-Alive: timeout=5, max=100
Content-Type: text/css
44.204.18.94/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css?ver=6.2.3
44.204.18.94 200 OK 15 kB URL GET HTTP/1.1 44.204.18.94/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css?ver=6.2.3
IP 44.204.18.94:80
File type ASCII text, with very long lines (14965), with no line terminators
Hash bc523f920a653b0baf7e325592052fe1
310a1dbec5d49fb39b18ab28eba63dac5cb95176
044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css?ver=6.2.3 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:28:00 GMT
ETag: "3a75-609a2613c448c"
Accept-Ranges: bytes
Content-Length: 14965
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
44.204.18.94/wp-content/plugins/bootstrap-for-contact-form-7/assets/dist/css/style.min.css?ver=6.2.3
44.204.18.94 200 OK 1.1 kB URL GET HTTP/1.1 44.204.18.94/wp-content/plugins/bootstrap-for-contact-form-7/assets/dist/css/style.min.css?ver=6.2.3
IP 44.204.18.94:80
File type ASCII text, with very long lines (850)
Hash 587c37e3bd838874df73179aaefadc45
19ffb1d6396d09045dfc321f7c4f1bc24906f0be
8c8eff8c27f4e674759a9052a02cac106e7b99c8161e707393c9e8875e19641f
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/plugins/bootstrap-for-contact-form-7/assets/dist/css/style.min.css?ver=6.2.3 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:40:57 GMT
ETag: "44e-609a28f8cefc1"
Accept-Ranges: bytes
Content-Length: 1102
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
44.204.18.94/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css?ver=4.10.1
44.204.18.94 200 OK 104 kB URL GET HTTP/1.1 44.204.18.94/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css?ver=4.10.1
IP 44.204.18.94:80
File type ASCII text, with very long lines (65536), with no line terminators
Size 104 kB (103800 bytes)
Hash 57f2d46122498ad3d32e9612bd2aca17
d695857b151d9352fdbb9fe43f321274157e2f6a
80a2d7122993ca65b09a265a92ab7275d283afa3edeca1c735f37b0b05490fad
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css?ver=4.10.1 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:27:18 GMT
ETag: "19578-609a25eb5ed35"
Accept-Ranges: bytes
Content-Length: 103800
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
44.204.18.94/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0
44.204.18.94 200 OK 13 kB URL GET HTTP/1.1 44.204.18.94/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0
IP 44.204.18.94:80
File type ASCII text, with very long lines (13326)
Hash 5cfa2b481de6e87c2190a0e3538515d8
0fccf3c8ab2c10b4dcc7970e64ce997ab1622f68
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 10:07:47 GMT
ETag: "3470-609a14255ed17"
Accept-Ranges: bytes
Content-Length: 13424
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
44.204.18.94/wp-includes/css/dist/block-library/style.min.css?ver=6.2.3
44.204.18.94 200 OK 98 kB URL GET HTTP/1.1 44.204.18.94/wp-includes/css/dist/block-library/style.min.css?ver=6.2.3
IP 44.204.18.94:80
File type ASCII text, with very long lines (48325)
Hash 47cdb0e81ea341ad27a1a0b0ba6b02d8
6195a67b0b7f7919f07309e2c8ce71f3d4729d03
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.2.3 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 08 Nov 2023 10:10:21 GMT
ETag: "17ced-609a14b7b672d"
Accept-Ranges: bytes
Content-Length: 97517
Keep-Alive: timeout=5, max=100
Content-Type: text/css
44.204.18.94/wp-content/plugins/widget-google-reviews/assets/css/public-main.css?ver=2.4.1
44.204.18.94 200 OK 18 kB URL GET HTTP/1.1 44.204.18.94/wp-content/plugins/widget-google-reviews/assets/css/public-main.css?ver=2.4.1
IP 44.204.18.94:80
File type ASCII text, with very long lines (17856), with no line terminators
Hash afc87967da2f40a6c73df553cdce09d4
491f68276c38228eadc7075d09ca4dfe7a8375b2
c2c71ceab9f4a75c8a354e73e85cbe75ee2ce8f566d7329222eff766678498c0
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/plugins/widget-google-reviews/assets/css/public-main.css?ver=2.4.1 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:18:19 GMT
ETag: "45c0-609a23e929863"
Accept-Ranges: bytes
Content-Length: 17856
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
44.204.18.94/wp-content/themes/paycron/js/bootstrap.min.js?ver=6.2.3
44.204.18.94 200 OK 29 kB URL GET HTTP/1.1 44.204.18.94/wp-content/themes/paycron/js/bootstrap.min.js?ver=6.2.3
IP 44.204.18.94:80
File type ASCII text, with very long lines (28947)
Hash 676061c91faebcd883b288c08a84ce7c
9957a0a9b45252914106275482493b7f23459eb8
0624db5c18c7d2d77827282eef5d61af5b47d113f3b8edfefbe7ab1fcb7f9841
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/themes/paycron/js/bootstrap.min.js?ver=6.2.3 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:13:10 GMT
ETag: "71bc-609a22c22d6e4"
Accept-Ranges: bytes
Content-Length: 29116
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
44.204.18.94/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js?ver=4.10.1
44.204.18.94 200 OK 51 kB URL GET HTTP/1.1 44.204.18.94/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js?ver=4.10.1
IP 44.204.18.94:80
File type ASCII text, with very long lines (31752)
Hash b2e49ca59388135037c4dfb4764ed279
4b813ab2fb9d63b794a287f5dfeb7e47a19f61a0
ddbda21655c0c2cb09913a9e33d856a8b8f3e1eae610cdbda8524def2dc71f7d
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js?ver=4.10.1 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:27:50 GMT
ETag: "c5a4-609a2609a9747"
Accept-Ranges: bytes
Content-Length: 50596
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
44.204.18.94/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
44.204.18.94 200 OK 90 kB URL GET HTTP/1.1 44.204.18.94/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
IP 44.204.18.94:80
File type ASCII text, with very long lines (65447)
Hash 0e850a69bc7fd0acc2e92ce6eee87959
8be6d9e7f7a61ccf0b8eac8a8144d770b608a19c
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.4 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 10:07:44 GMT
ETag: "15ed7-609a1422d472e"
Accept-Ranges: bytes
Content-Length: 89815
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
44.204.18.94/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?ver=4.10.1
44.204.18.94 200 OK 18 kB URL GET HTTP/1.1 44.204.18.94/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?ver=4.10.1
IP 44.204.18.94:80
File type ASCII text, with very long lines (18124), with no line terminators
Hash 3dc945644f1448b84281bc6b6265e96d
06c8bb72dbf3d55f9c4864292ad89e5a67e3ae81
b17fe7091c0ec8e16acb022f3de1fe6f3ddaf4822eff6010a2c7563e34da7789
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?ver=4.10.1 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:27:40 GMT
ETag: "46cc-609a260082c20"
Accept-Ranges: bytes
Content-Length: 18124
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
44.204.18.94/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js?ver=4.10.1
44.204.18.94 200 OK 71 kB URL GET HTTP/1.1 44.204.18.94/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js?ver=4.10.1
IP 44.204.18.94:80
File type Unicode text, UTF-8 text, with very long lines (64131)
Hash 0f64f3a3a0c620a6756d36abaff1b4a6
4738d7f9885db2cb9370766974c8f6b22e9ec29d
00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js?ver=4.10.1 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:28:00 GMT
ETag: "114c3-609a2613cd12b"
Accept-Ranges: bytes
Content-Length: 70851
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
44.204.18.94/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2
44.204.18.94 200 OK 8.2 kB URL GET HTTP/1.1 44.204.18.94/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2
IP 44.204.18.94:80
File type ASCII text, with very long lines (8171), with no line terminators
Hash dda652db133fddb9b80a05c6d1b5c540
60c8514c57a5db2980c4b046b0dd479bd427357b
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 10:12:20 GMT
ETag: "1feb-609a15299abaf"
Accept-Ranges: bytes
Content-Length: 8171
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
44.204.18.94/wp-content/plugins/widget-google-reviews/assets/js/public-main.js?ver=2.4.1
44.204.18.94 200 OK 36 kB URL GET HTTP/1.1 44.204.18.94/wp-content/plugins/widget-google-reviews/assets/js/public-main.js?ver=2.4.1
IP 44.204.18.94:80
File type ASCII text, with very long lines (566)
Hash 32c4d2b7f08882a4b9f3687dd44c29c6
2a133ecf6c1efb9fae46dd97d4cc401737115902
4adf902aa245a4754d36f472a57787a6b1a6e5c785cdbd62f0d4f80fab41b012
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/plugins/widget-google-reviews/assets/js/public-main.js?ver=2.4.1 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:18:29 GMT
ETag: "8aab-609a23f2f9294"
Accept-Ranges: bytes
Content-Length: 35499
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
44.204.18.94/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11
44.204.18.94 200 OK 6.6 kB URL GET HTTP/1.1 44.204.18.94/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11
IP 44.204.18.94:80
File type ASCII text, with very long lines (6607), with no line terminators
Hash 9a4f28a615173df36cb84be2b345816e
f709263841708d9e40268f24a0072ff4fe811b35
6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 10:12:22 GMT
ETag: "19cf-609a152bdae22"
Accept-Ranges: bytes
Content-Length: 6607
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
44.204.18.94/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
44.204.18.94 200 OK 18 kB URL GET HTTP/1.1 44.204.18.94/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP 44.204.18.94:80
File type Unicode text, UTF-8 text, with very long lines (17819), with no line terminators
Hash e495a4709e3eae31c67f8263f25d2d39
d43ba6a092e4823a71f3bff75d5ed279a481636b
1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 10:12:29 GMT
ETag: "459f-609a15321976e"
Accept-Ranges: bytes
Content-Length: 17823
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
44.204.18.94/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.7.5.1
44.204.18.94 200 OK 999 B URL GET HTTP/1.1 44.204.18.94/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.7.5.1
IP 44.204.18.94:80
File type ASCII text, with very long lines (999), with no line terminators
Hash 6a0e8318d42803736d2fafcc12238026
c955314a7e0a9a9871329b0f042c8f0b5df49a78
2648a1333fa24d383fd73a6beaac17156ae78f4267ff7407ad60e05a788df44c
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.7.5.1 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:21:38 GMT
ETag: "3e7-609a24a7046e1"
Accept-Ranges: bytes
Content-Length: 999
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
44.204.18.94/wp-content/themes/paycron/css/animate.min.css
44.204.18.94 200 OK 57 kB URL GET HTTP/1.1 44.204.18.94/wp-content/themes/paycron/css/animate.min.css
IP 44.204.18.94:80
File type ASCII text, with very long lines (57359)
Hash 015a6f41aaafea845a87ab366a298d54
7fc6433b04dcd2fb55aa8b5f698b4f025f4a5450
b6a0f37348f3313c79d30c95e6d3457586116b9a20e3c39241ba49e8d6de8be3
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/themes/paycron/css/animate.min.css HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/wp-content/themes/paycron/style.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:12:13 GMT
ETag: "e025-609a228c5a953"
Accept-Ranges: bytes
Content-Length: 57381
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
44.204.18.94/wp-content/themes/paycron/js/custo.js
44.204.18.94 200 OK 229 kB URL GET HTTP/1.1 44.204.18.94/wp-content/themes/paycron/js/custo.js
IP 44.204.18.94:80
File type ASCII text, with very long lines (32072)
Size 229 kB (228557 bytes)
Hash 18b73015b631d45cff2e115de652581f
fb6f73281f1d7e33a8d3bbe70f14e397c566bf03
eb373294aef6b7f4773e1a6b105c4c8159643094f6dea4af26b23b003f539a37
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/themes/paycron/js/custo.js HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:13:12 GMT
ETag: "37ccd-609a22c409fa5"
Accept-Ranges: bytes
Content-Length: 228557
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
www.ontoplist.com/images/ontoplist31.png?id=5eb5191b6e9a8
8.12.18.87 200 OK 873 B URL GET HTTP/2 www.ontoplist.com/images/ontoplist31.png?id=5eb5191b6e9a8
IP 8.12.18.87:443
Certificate IssuerLet's Encrypt
Subjectstatic7.ontoplist.com
Fingerprint0D:4F:20:4A:63:B9:D4:C7:EC:32:48:8A:79:66:3B:94:96:64:7D:CD
ValidityTue, 07 Nov 2023 11:50:57 GMT - Mon, 05 Feb 2024 11:50:56 GMT
File type PNG image data, 115 x 30, 8-bit colormap, non-interlaced\012- data
Hash 18451b9fb2ac23cc5e9358082a14c3fe
8150c6938a3c66408dfce389d1fe4521a3a94fe0
5f6164c991a383008962e681967a19bb1706041e1cdc26252463362193c5cbde
GET /images/ontoplist31.png?id=5eb5191b6e9a8 HTTP/1.1
Host: www.ontoplist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 20 Aug 2019 06:56:36 GMT
etag: "369-59086f51eb100"
accept-ranges: bytes
content-length: 873
cache-control: max-age=2592000
expires: Sun, 31 Dec 2023 22:09:02 GMT
strict-transport-security: max-age=600
referrer-policy: no-referrer-when-downgrade
content-type: image/png
date: Fri, 01 Dec 2023 22:09:02 GMT
server: Apache/2.4.56 (Debian)
X-Firefox-Spdy: h2
44.204.18.94/?1eaf0c464d788ecdc930477709b9c732&ver=6.2.3
44.204.18.94 200 OK 425 B URL GET HTTP/1.1 44.204.18.94/?1eaf0c464d788ecdc930477709b9c732&ver=6.2.3
IP 44.204.18.94:80
Hash 3b30e438a7ba47e929d8e37a702ed948
b23589783617ef2822edb811a8dc0212089e9a41
b80738d4ddd6437ccb8a824848c10b061328f0108e1cd9f3261981bbca5a54c2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?1eaf0c464d788ecdc930477709b9c732&ver=6.2.3 HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
X-Powered-By: PHP/7.4.33
Content-Length: 425
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
44.204.18.94/wp-content/themes/paycron/css/bootstrap.css
44.204.18.94 200 OK 121 kB URL GET HTTP/1.1 44.204.18.94/wp-content/themes/paycron/css/bootstrap.css
IP 44.204.18.94:80
File type assembler source, ASCII text, with very long lines (540)
Size 121 kB (121019 bytes)
Hash 01262306e5b32305691bcd2afdc0cda3
f2b80056226872c85b04e07017c6596c1b3507a1
07e3c8b602032bd35c06584ded3be3935de3088433d723089a7d4fdf5579abea
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/paycron/css/bootstrap.css HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/wp-content/themes/paycron/style.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:12:14 GMT
ETag: "1d8bb-609a228d3e1d5"
Accept-Ranges: bytes
Content-Length: 121019
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
44.204.18.94/wp-content/themes/paycron/css/stylemain.css
44.204.18.94 200 OK 168 kB URL GET HTTP/1.1 44.204.18.94/wp-content/themes/paycron/css/stylemain.css
IP 44.204.18.94:80
Size 168 kB (167880 bytes)
Hash 98d049b8400412110dcface544dc7a75
8a790449d7b8af6195925b53ab3922c758f6c4c3
1e024470ebcade5fffcfc739be7a3fb79e06a8ea8b6b8c9019e0f95cf1ae3c70
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/paycron/css/stylemain.css HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/wp-content/themes/paycron/style.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:02 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:12:14 GMT
ETag: "28fc8-609a228d6b08f"
Accept-Ranges: bytes
Content-Length: 167880
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
fonts.googleapis.com/css?family=Lato:300,400,700
142.250.74.106 200 OK 19 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Lato:300,400,700
IP 142.250.74.106:443
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type gzip compressed data, max compression; data
Hash 2b03daff7b0083d7dace3172052e35b2
c5e182fefe23b13f5761cad595955f0a86011a88
8eb51863b24bacde75286e676b8a2a87414e5a1154fe79126d0046f9dc412dcd
GET /css?family=Lato:300,400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 01 Dec 2023 22:09:02 GMT
date: Fri, 01 Dec 2023 22:09:02 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
44.204.18.94/wp-content/themes/paycron/images/cards.png
44.204.18.94 200 OK 3.9 kB URL GET HTTP/1.1 44.204.18.94/wp-content/themes/paycron/images/cards.png
IP 44.204.18.94:80
File type PNG image data, 200 x 35, 8-bit colormap, non-interlaced; data
Hash cafa91e5a933fd7ddb08f1be74950a86
e8cbce0cfabeafbd7cdd4588d260cc82bc7501f9
3259dbb932fd6ff0c843cd6aa45d1e0bd36883f0dd047469adeb3312bdd338b8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/paycron/images/cards.png HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:03 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:12:43 GMT
ETag: "f64-609a22a92669b"
Accept-Ranges: bytes
Content-Length: 3940
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
44.204.18.94/wp-content/themes/paycron/images/logo.png
44.204.18.94 200 OK 5.3 kB URL GET HTTP/1.1 44.204.18.94/wp-content/themes/paycron/images/logo.png
IP 44.204.18.94:80
File type PNG image data, 205 x 29, 8-bit/color RGBA, non-interlaced; data
Hash 77c1d12e7ba766c95bfc7c20f587ff16
d45070c674e88cdc44ef7da8be9fabc75adf39ce
64292f0448ad3e423e03368608699a2b520fad7bc8e6b810ec9f06a9038d19a1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/paycron/images/logo.png HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:03 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:12:48 GMT
ETag: "149a-609a22ad49f2e"
Accept-Ranges: bytes
Content-Length: 5274
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
44.204.18.94/wp-content/themes/paycron/images/footer-map.png
44.204.18.94 200 OK 4.0 kB URL GET HTTP/1.1 44.204.18.94/wp-content/themes/paycron/images/footer-map.png
IP 44.204.18.94:80
File type PNG image data, 222 x 92, 8-bit colormap, non-interlaced; data
Hash a93e0f645aff1fc007d05045702bcf7d
f72684f3355562067d0b96cca639625939b65f0f
4d4fefa1b72f5870b3326125b6563a91e7b0a757a93b16b363ee45b26bb7f7ff
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/paycron/images/footer-map.png HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:03 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:13:00 GMT
ETag: "fc3-609a22b9741ae"
Accept-Ranges: bytes
Content-Length: 4035
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
www.paycron.com/wp-content/themes/paycron/images/video-thumbnail.jpg
192.169.204.66 200 OK 7.1 kB URL GET HTTP/1.1 www.paycron.com/wp-content/themes/paycron/images/video-thumbnail.jpg
IP 192.169.204.66:443
ASN #398101 GO-DADDY-COM-LLC
Certificate Issuer GoDaddy.com, Inc.
Subject www.paycron.com
Fingerprint FC:67:08:07:1F:01:EB:C4:FF:22:9C:17:F3:DA:35:46:57:41:B2:F9
Validity Wed, 27 Sep 2023 07:14:55 GMT - Fri, 08 Mar 2024 11:50:03 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 470x320, components 3; data
Hash cc1427a3322e32b483fc9d6c69820449
edda66f88096026747bdfd84823fafef968b13ff
f80375000528e23aed07162fdb607c31a865d4e5230327563a3c230f5e38de2e
GET /wp-content/themes/paycron/images/video-thumbnail.jpg HTTP/1.1
Host: www.paycron.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:03 GMT
Server: Apache
Vary: Accept-Encoding
Last-Modified: Tue, 02 Mar 2021 04:13:03 GMT
Accept-Ranges: bytes
Content-Length: 7129
Cache-Control: max-age=10368000, public
Expires: Sat, 30 Mar 2024 22:09:03 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/jpeg
www.googletagmanager.com/gtm.js?id=GTM-NJJSHZ8
142.250.74.168 200 OK 82 kB URL GET HTTP/3 www.googletagmanager.com/gtm.js?id=GTM-NJJSHZ8
IP 142.250.74.168:443
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (5749)
Hash 16934ddc679a625f2056e6ae212832a7
b444740025c2d59e6c66c6aef8e985083a626fb4
e7a179af50c1b651b3fcff8148915bf36576cd3162a44e2b7654cc13c4ae6c78
GET /gtm.js?id=GTM-NJJSHZ8 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 01 Dec 2023 22:09:03 GMT
expires: Fri, 01 Dec 2023 22:09:03 GMT
cache-control: private, max-age=900
last-modified: Fri, 01 Dec 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81727
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
216.58.207.227 200 OK 23 kB URL GET HTTP/2 fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 216.58.207.227:443
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0; data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://44.204.18.94
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 12:50:30 GMT
expires: Fri, 29 Nov 2024 12:50:30 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:07:25 GMT
content-type: font/woff2
age: 119913
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
44.204.18.94/wp-content/themes/paycron/images/1.jpg
44.204.18.94 200 OK 43 kB URL GET HTTP/1.1 44.204.18.94/wp-content/themes/paycron/images/1.jpg
IP 44.204.18.94:80
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x598, components 3; data
Hash 4e88c09f76d4bc31eaaab1da8a7ee2a1
901c01e0e92fdf08bade91419c9dd9df357146f0
cf90184e7c9ddd6f19a21f0ab4712191abb345d172885a61e47448f2d20864c2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/paycron/images/1.jpg HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/wp-content/themes/paycron/css/stylemain.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:03 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:13:01 GMT
ETag: "a7b3-609a22ba654ee"
Accept-Ranges: bytes
Content-Length: 42931
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/jpeg
44.204.18.94/wp-content/themes/paycron/images/2.jpg
44.204.18.94 200 OK 14 kB URL GET HTTP/1.1 44.204.18.94/wp-content/themes/paycron/images/2.jpg
IP 44.204.18.94:80
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1360x768, components 3; data
Hash 69bb1bd81d3fc3452fbff109d5dc1e20
3ef6e6f49812bdd9c1dfa35436d4c79ce7039ed7
5c923d6e50b1a22df2f7eb32b4493a1b7d99775d51a9d04dd058bcf4b5fdce6f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/paycron/images/2.jpg HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/wp-content/themes/paycron/css/stylemain.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:03 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:13:00 GMT
ETag: "37d5-609a22b90b9dc"
Accept-Ranges: bytes
Content-Length: 14293
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/jpeg
44.204.18.94/wp-content/themes/paycron/images/pattern/10.png
44.204.18.94 200 OK 291 B URL GET HTTP/1.1 44.204.18.94/wp-content/themes/paycron/images/pattern/10.png
IP 44.204.18.94:80
File type PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced; data
Hash 0eb6f64d6f31a6ba4cb4f6cbd345994b
bac77946142e027b189681990484501758ea7f96
43c4f9ae207e2941260c708ca33e0c46e1508142887f6094b2bec03a4e3dd5c2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/paycron/images/pattern/10.png HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/wp-content/themes/paycron/css/stylemain.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:03 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:37:50 GMT
ETag: "123-609a284619800"
Accept-Ranges: bytes
Content-Length: 291
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
216.58.207.227 200 OK 24 kB URL GET HTTP/2 fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP 216.58.207.227:443
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0; data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://44.204.18.94
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:00:51 GMT
expires: Fri, 29 Nov 2024 04:00:51 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
age: 151692
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2
216.58.207.227 200 OK 28 kB URL GET HTTP/2 fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2
IP 216.58.207.227:443
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 28512, version 1.0; data
Hash 16cba75f4b9969077ff30bea2f494e12
71b32a3bbcc6157da9d52accf124660a3cfc66dc
241ced7f220982f5679a64cc6db34ed42cd21274508cc5814616d9efe374afde
GET /s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://44.204.18.94
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28512
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:37:36 GMT
expires: Thu, 28 Nov 2024 21:37:36 GMT
cache-control: public, max-age=31536000
age: 174687
last-modified: Tue, 15 Aug 2023 18:44:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
44.204.18.94/wp-content/themes/paycron/images/seo-2.jpg
44.204.18.94 200 OK 107 kB URL GET HTTP/1.1 44.204.18.94/wp-content/themes/paycron/images/seo-2.jpg
IP 44.204.18.94:80
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1276x658, components 3; data
Size 107 kB (107051 bytes)
Hash 0e858f3386c1771eaf51aa487e2698d3
7cd7bdbadfd329e7c07e567f014849bce7a1dc3e
fd36d85aaf83215669fa1ffad7defb7e07b75b6850bc40ca1b8fb566db91a332
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/paycron/images/seo-2.jpg HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/wp-content/themes/paycron/css/stylemain.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:03 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:12:37 GMT
ETag: "1a22b-609a22a37d3dd"
Accept-Ranges: bytes
Content-Length: 107051
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/jpeg
44.204.18.94/wp-content/themes/paycron/images/tiles.jpg
44.204.18.94 200 OK 70 kB URL GET HTTP/1.1 44.204.18.94/wp-content/themes/paycron/images/tiles.jpg
IP 44.204.18.94:80
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1603x445, components 3; data
Hash 75730f917fc7aa3e8eaac4bfd89a8a81
725fddb2b7994b12179966f98d05ba317c1356f6
8608332b9f913c3df114ed6b8a79bbed94e4633831697f655775e23f0a08f0bc
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/paycron/images/tiles.jpg HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/wp-content/themes/paycron/css/stylemain.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:03 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:12:58 GMT
ETag: "11302-609a22b76e8b3"
Accept-Ranges: bytes
Content-Length: 70402
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg
44.204.18.94/?74523521fe264fb04dac5464a189c973&31644&undefined
44.204.18.94 200 OK 0 B URL GET HTTP/1.1 44.204.18.94/?74523521fe264fb04dac5464a189c973&31644&undefined
IP 44.204.18.94:80
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?74523521fe264fb04dac5464a189c973&31644&undefined HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:03 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
X-Powered-By: PHP/7.4.33
Content-Length: 0
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
www.googletagmanager.com/gtag/destination?id=AW-711906071&l=dataLayer&cx=c
142.250.74.168 200 OK 75 kB URL GET HTTP/3 www.googletagmanager.com/gtag/destination?id=AW-711906071&l=dataLayer&cx=c
IP 142.250.74.168:443
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (4179)
Hash 1938fbd712dcc90b423d198bac0c896f
98dea389ae1c33ff5d17aa122a81aee12cb6cd6b
3970e1e8e5c25be3e2e1f328bcff25b815d9566fd80f876867206e7d4ef29991
GET /gtag/destination?id=AW-711906071&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 01 Dec 2023 22:09:03 GMT
expires: Fri, 01 Dec 2023 22:09:03 GMT
cache-control: private, max-age=900
last-modified: Fri, 01 Dec 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74649
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.googletagmanager.com/gtag/js?id=G-RVHJMHJC7E&l=dataLayer&cx=c
142.250.74.168 200 OK 96 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-RVHJMHJC7E&l=dataLayer&cx=c
IP 142.250.74.168:443
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (7711)
Hash 2628f9c161bd425c1b59cf320186a503
ea0b81b056c4ec65fbeb2c104ca5c748993584af
d0158f282b02ab329b21ec437c00805168a7d0c70ad121d9ccfdd0042bb2e294
GET /gtag/js?id=G-RVHJMHJC7E&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 01 Dec 2023 22:09:03 GMT
expires: Fri, 01 Dec 2023 22:09:03 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 95581
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
142.250.74.46 200 OK 88 kB URL GET HTTP/2 www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
IP 142.250.74.46:443
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (58198)
Hash 7d4710b3ed2097f2539407d68632993f
e7a902acb7c131575f467d71e2692f085287a022
a9df217a9abddb964d5623ad59e2cd9c35f2cbcf1ad94876cbb271627a3cfbe1
GET /embed/n9QWnlXARD8?rel=0&showinfo=0 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 01 Dec 2023 22:09:03 GMT
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=l0HQIIT5dmk; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=OHI_Zmm0Gm4; Domain=.youtube.com; Expires=Wed, 29-May-2024 22:09:03 GMT; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_PRIVACY_METADATA=CgJOTxICEgA%3D; Domain=.youtube.com; Expires=Wed, 29-May-2024 22:09:03 GMT; Path=/; Secure; HttpOnly; SameSite=lax
CONSENT=PENDING+354; expires=Sun, 30-Nov-2025 22:09:03 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/embed.js
142.250.74.46 200 OK 16 kB URL GET HTTP/3 www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/embed.js
IP 142.250.74.46:443
Requested by https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type ASCII text, with very long lines (3391)
Hash 4b993df6aaec92ba17cc4d526ad2e4bd
a0b696788d5d621280e4f642b4c66875d40870cb
f21a803f0b7f63109cd608bfbe9769a3dc2e2a17c8e885826529d3981d15d313
GET /s/player/31e0b6d9/player_ias.vflset/en_US/embed.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 16506
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:32:15 GMT
expires: Fri, 29 Nov 2024 04:32:15 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Nov 2023 03:10:29 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 149808
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 15 kB URL GET HTTP/3 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:443
Requested by https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf0TFInAAAAAAoVjcAs4JrtvJtta3-uUtuXRy0V&co=aHR0cDovLzQ0LjIwNC4xOC45NDo4MA..&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=qysawfrrjckl
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 10:04:07 GMT
expires: Fri, 29 Nov 2024 10:04:07 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
age: 129896
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:443
Requested by https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 11:28:20 GMT
expires: Fri, 29 Nov 2024 11:28:20 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
age: 124843
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.youtube.com/s/player/31e0b6d9/www-embed-player.vflset/www-embed-player.js
142.250.74.46 200 OK 98 kB URL GET HTTP/3 www.youtube.com/s/player/31e0b6d9/www-embed-player.vflset/www-embed-player.js
IP 142.250.74.46:443
Requested by https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type ASCII text, with very long lines (682)
Hash 24cd2bdc1dd00086a1efbc664060bb49
064027f89f2e8f22be774e7468f7ae4ab79efcbc
4d453a47ad0d1b30a7292b6f712d8645db141ed6adea69b8e7d802f8022365fd
GET /s/player/31e0b6d9/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 98499
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:32:12 GMT
expires: Fri, 29 Nov 2024 04:32:12 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Nov 2023 03:10:29 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 149811
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/base.js
142.250.74.46 200 OK 784 kB URL GET HTTP/3 www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/base.js
IP 142.250.74.46:443
Requested by https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type ASCII text, with very long lines (555)
Size 784 kB (784263 bytes)
Hash 101fe6d09a2a65ba52bbafa55f73d316
46b1b5f64db74e841d0f606543980dea804707d8
ddc70bebc8a0e4ae5b13a5f8409693a3e88aa4b4415a75f632f11d0f0c423457
GET /s/player/31e0b6d9/player_ias.vflset/en_US/base.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-encoding: gzip
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 784263
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:32:15 GMT
expires: Fri, 29 Nov 2024 04:32:15 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Nov 2023 03:10:29 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 149808
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.paycron.com/wp-content/uploads/2020/09/ima.png
192.169.204.66 200 OK 318 kB URL GET HTTP/1.1 www.paycron.com/wp-content/uploads/2020/09/ima.png
IP 192.169.204.66:443
ASN #398101 GO-DADDY-COM-LLC
Certificate Issuer GoDaddy.com, Inc.
Subject www.paycron.com
Fingerprint FC:67:08:07:1F:01:EB:C4:FF:22:9C:17:F3:DA:35:46:57:41:B2:F9
Validity Wed, 27 Sep 2023 07:14:55 GMT - Fri, 08 Mar 2024 11:50:03 GMT
File type PNG image data, 850 x 377, 8-bit/color RGBA, non-interlaced
Size 318 kB (317956 bytes)
Hash f74bb4379e00a4037238c2f1e88efaf8
a28fad32686838b98a9386368887256c3d2b50b4
f3343ab12922459abd24e20521607c26ee861f154c99419d32bd50da91db562e
GET /wp-content/uploads/2020/09/ima.png HTTP/1.1
Host: www.paycron.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:03 GMT
Server: Apache
Vary: Accept-Encoding
Last-Modified: Fri, 25 Sep 2020 11:50:08 GMT
Accept-Ranges: bytes
Content-Length: 317956
Cache-Control: max-age=10368000, public
Expires: Sat, 30 Mar 2024 22:09:03 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
paycron.com/wp-content/themes/paycron/images/testimonials-bg.jpg
192.169.204.66 200 OK 62 kB URL GET HTTP/1.1 paycron.com/wp-content/themes/paycron/images/testimonials-bg.jpg
IP 192.169.204.66:443
ASN #398101 GO-DADDY-COM-LLC
Certificate Issuer GoDaddy.com, Inc.
Subject www.paycron.com
Fingerprint FC:67:08:07:1F:01:EB:C4:FF:22:9C:17:F3:DA:35:46:57:41:B2:F9
Validity Wed, 27 Sep 2023 07:14:55 GMT - Fri, 08 Mar 2024 11:50:03 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x450, components 3
Hash 282cb72abdd5282b33723361a91ebe8b
a27f0faa1f355e6b16ccb1676f730781c7e074c5
a9a256349775cdc7a905f8e128b9ecc5857f7ca784c21e4e142d2d35db977ab6
GET /wp-content/themes/paycron/images/testimonials-bg.jpg HTTP/1.1
Host: paycron.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:03 GMT
Server: Apache
Vary: Accept-Encoding
Last-Modified: Tue, 02 Mar 2021 04:13:03 GMT
Accept-Ranges: bytes
Content-Length: 61725
Cache-Control: max-age=10368000, public
Expires: Sat, 30 Mar 2024 22:09:03 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/jpeg
www.gstatic.com/wcm/loader.js
142.250.74.35 200 OK 1.3 kB URL GET HTTP/2 www.gstatic.com/wcm/loader.js
IP 142.250.74.35:443
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (1123)
Hash e66aa914d8fee2fef76972626c4e3c95
f16f051bb480753b62e00f92cccb48d0d4864468
9f959aaad80347edc26ed8279c6a68c098efc76876ac2e2f8ccc54b118f197f4
GET /wcm/loader.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1339
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 01 Dec 2023 21:33:19 GMT
expires: Fri, 01 Dec 2023 22:33:19 GMT
cache-control: public, max-age=3600
age: 2145
last-modified: Mon, 15 Mar 2021 16:45:00 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
142.250.74.35 200 OK 191 kB URL GET HTTP/3 www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
IP 142.250.74.35:443
Requested by https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf0TFInAAAAAAoVjcAs4JrtvJtta3-uUtuXRy0V&co=aHR0cDovLzQ0LjIwNC4xOC45NDo4MA..&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=qysawfrrjckl
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (563)
Size 191 kB (190682 bytes)
Hash 23b9dd721490a4062ba8d01454ef6ba9
efdbb7331585411f7d397dacbf51fd3e95f3031d
4970c7161d03503a3eb5ec49e4190a03445c50cd5a9081714bd13183d2d948a7
GET /recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://44.204.18.94
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 190682
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 01 Dec 2023 19:16:34 GMT
expires: Sat, 30 Nov 2024 19:16:34 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 10350
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RVHJMHJC7E&cid=1587684764.1701468549&gtm=45je3bt0v875519319z8812990510&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=603071682
142.250.74.163 200 OK 42 B URL GET HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RVHJMHJC7E&cid=1587684764.1701468549&gtm=45je3bt0v875519319z8812990510&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=603071682
IP 142.250.74.163:443
Certificate Issuer Google Trust Services LLC
Subject *.google.no
Fingerprint 6E:E4:BC:4A:67:5E:46:6A:B3:E4:CA:61:A7:C0:97:AB:14:F0:34:32
Validity Mon, 23 Oct 2023 11:27:27 GMT - Mon, 15 Jan 2024 11:27:26 GMT
File type GIF image data, version 89a, 1 x 1
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RVHJMHJC7E&cid=1587684764.1701468549&gtm=45je3bt0v875519319z8812990510&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=603071682 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 22:09:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
44.204.18.94/wp-content/uploads/2016/05/paycron.png
44.204.18.94 200 OK 2.2 kB URL GET HTTP/1.1 44.204.18.94/wp-content/uploads/2016/05/paycron.png
IP 44.204.18.94:80
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Hash 9eea8581b84b61313a93b5729ba1cd34
f1f4fdae48d923029b2cfa66f054f4ae960c884f
3970fed9a724df3d60b414c9a0638efa8a071742f65cffa56188c4dfcb123471
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/uploads/2016/05/paycron.png HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Cookie: _gcl_au=1.1.745524601.1701468549; _ga_RVHJMHJC7E=GS1.1.1701468548.1.0.1701468548.60.0.0; _ga=GA1.1.1587684764.1701468549
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:04 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:09:34 GMT
ETag: "8a9-609a21f44f0be"
Accept-Ranges: bytes
Content-Length: 2217
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
44.204.18.94/wp-content/uploads/2016/05/paycron.png
44.204.18.94 200 OK 2.2 kB URL GET HTTP/1.1 44.204.18.94/wp-content/uploads/2016/05/paycron.png
IP 44.204.18.94:80
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Hash 9eea8581b84b61313a93b5729ba1cd34
f1f4fdae48d923029b2cfa66f054f4ae960c884f
3970fed9a724df3d60b414c9a0638efa8a071742f65cffa56188c4dfcb123471
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/uploads/2016/05/paycron.png HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Cookie: _gcl_au=1.1.745524601.1701468549; _ga_RVHJMHJC7E=GS1.1.1701468548.1.0.1701468548.60.0.0; _ga=GA1.1.1587684764.1701468549
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:04 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:09:34 GMT
ETag: "8a9-609a21f44f0be"
Accept-Ranges: bytes
Content-Length: 2217
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png
www.paycron.com/wp-content/uploads/2016/05/paycron.png
192.169.204.66 200 OK 2.2 kB URL GET HTTP/1.1 www.paycron.com/wp-content/uploads/2016/05/paycron.png
IP 192.169.204.66:443
ASN #398101 GO-DADDY-COM-LLC
Certificate Issuer GoDaddy.com, Inc.
Subject www.paycron.com
Fingerprint FC:67:08:07:1F:01:EB:C4:FF:22:9C:17:F3:DA:35:46:57:41:B2:F9
Validity Wed, 27 Sep 2023 07:14:55 GMT - Fri, 08 Mar 2024 11:50:03 GMT
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Hash 9eea8581b84b61313a93b5729ba1cd34
f1f4fdae48d923029b2cfa66f054f4ae960c884f
3970fed9a724df3d60b414c9a0638efa8a071742f65cffa56188c4dfcb123471
GET /wp-content/uploads/2016/05/paycron.png HTTP/1.1
Host: www.paycron.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:04 GMT
Server: Apache
Vary: Accept-Encoding
Last-Modified: Tue, 06 Mar 2018 03:58:32 GMT
Accept-Ranges: bytes
Content-Length: 2217
Cache-Control: max-age=10368000, public
Expires: Sat, 30 Mar 2024 22:09:04 GMT
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf0TFInAAAAAAoVjcAs4JrtvJtta3-uUtuXRy0V&co=aHR0cDovLzQ0LjIwNC4xOC45NDo4MA..&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=qysawfrrjckl
142.250.74.132 200 OK 26 kB URL GET HTTP/3 www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf0TFInAAAAAAoVjcAs4JrtvJtta3-uUtuXRy0V&co=aHR0cDovLzQ0LjIwNC4xOC45NDo4MA..&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=qysawfrrjckl
IP 142.250.74.132:443
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (56425)
Hash 6fefa18126af327d0a85bba8a85f9e48
5fe447e83fa83ff1ec5ca740cd86796d020b195a
778715c11511683e9a985d58543a59c05744f15ffdeebe09bde50b1e7e871178
GET /recaptcha/api2/anchor?ar=1&k=6Lf0TFInAAAAAAoVjcAs4JrtvJtta3-uUtuXRy0V&co=aHR0cDovLzQ0LjIwNC4xOC45NDo4MA..&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=qysawfrrjckl HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-security-policy: script-src 'nonce-GYxX2YSw5ymNNIX0j1UalA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
date: Fri, 01 Dec 2023 22:09:04 GMT
expires: Fri, 01 Dec 2023 22:09:04 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
142.250.74.35 200 OK 191 kB URL GET HTTP/3 www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
IP 142.250.74.35:443
Requested by https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf0TFInAAAAAAoVjcAs4JrtvJtta3-uUtuXRy0V&co=aHR0cDovLzQ0LjIwNC4xOC45NDo4MA..&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=qysawfrrjckl
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (563)
Size 191 kB (190682 bytes)
Hash 23b9dd721490a4062ba8d01454ef6ba9
efdbb7331585411f7d397dacbf51fd3e95f3031d
4970c7161d03503a3eb5ec49e4190a03445c50cd5a9081714bd13183d2d948a7
GET /recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 190682
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 01 Dec 2023 19:16:34 GMT
expires: Sat, 30 Nov 2024 19:16:34 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 10350
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/call-tracking/call-tracking_7.js
142.250.74.35 200 OK 21 kB URL GET HTTP/1.1 www.gstatic.com/call-tracking/call-tracking_7.js
IP 142.250.74.35:80
File type ASCII text, with very long lines (2828)
Hash 8a8bf04aa59034f517341e59c31593cc
88d8249f054a46229b73bfcaed9ab347408de2bb
ff2fde453aa6220144126828a284d4cc227479f1fe83beef3a6b6a4504c7e4df
GET /call-tracking/call-tracking_7.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-telephony
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-telephony"
Report-To: {"group":"ads-telephony","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-telephony"}]}
Content-Length: 21020
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 30 Nov 2023 05:27:08 GMT
Expires: Fri, 29 Nov 2024 05:27:08 GMT
Cache-Control: public, max-age=31536000
Age: 146516
Last-Modified: Thu, 20 Jul 2023 22:48:00 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
region1.analytics.google.com/g/collect?v=2&tid=G-RVHJMHJC7E&gtm=45je3bt0v875519319z8812990510&_p=1701468547989&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1587684764.1701468549&ul=en-us&sr=1280x1024&_s=1&sid=1701468548&sct=1&seg=0&dl=http%3A%2F%2F44.204.18.94%2F&dt=Secure%20eCheck%20and%20Merchant%20Payment%20Services%20%7C%20PAYCRON&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2955
216.239.32.36 204 No Content 0 B URL POST HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-RVHJMHJC7E&gtm=45je3bt0v875519319z8812990510&_p=1701468547989&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1587684764.1701468549&ul=en-us&sr=1280x1024&_s=1&sid=1701468548&sct=1&seg=0&dl=http%3A%2F%2F44.204.18.94%2F&dt=Secure%20eCheck%20and%20Merchant%20Payment%20Services%20%7C%20PAYCRON&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2955
IP 216.239.32.36:443
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-RVHJMHJC7E>m=45je3bt0v875519319z8812990510&_p=1701468547989&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1587684764.1701468549&ul=en-us&sr=1280x1024&_s=1&sid=1701468548&sct=1&seg=0&dl=http%3A%2F%2F44.204.18.94%2F&dt=Secure%20eCheck%20and%20Merchant%20Payment%20Services%20%7C%20PAYCRON&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2955 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://44.204.18.94
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://44.204.18.94
date: Fri, 01 Dec 2023 22:09:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
172.217.21.170 200 OK 0 B URL OPTIONS HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 172.217.21.170:443
Requested by https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint (SHA-1) CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Fri, 01 Dec 2023 22:09:04 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
172.217.21.170 200 OK 33 kB URL POST HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 172.217.21.170:443
Requested by https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint (SHA-1) CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type JSON data; ASCII text, with very long lines (65536), with no line terminators
Hash MD5 71788b0ccb8fa0e4033ab1afba3516bc
Hash SHA-1 51094b2a2d770d131f5269a76f25b85bd800a44b
Hash SHA-256 ac875d49d1858bb5156625883e2f5d32e14c203cc2a5099a0d4b5b5cbb4dfbe9
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 01 Dec 2023 22:09:04 GMT
server: ESF
cache-control: private
content-length: 33012
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 15 kB URL GET HTTP/3 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:443
Requested by https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf0TFInAAAAAAoVjcAs4JrtvJtta3-uUtuXRy0V&co=aHR0cDovLzQ0LjIwNC4xOC45NDo4MA..&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=qysawfrrjckl
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint (SHA-1) E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0; data
Hash MD5 5d4aeb4e5f5ef754e307d7ffaef688bd
Hash SHA-1 06db651cdf354c64a7383ea9c77024ef4fb4cef8
Hash SHA-256 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 10:04:07 GMT
expires: Fri, 29 Nov 2024 10:04:07 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
age: 129897
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/api2/logo_48.png
142.250.74.35 200 OK 2.2 kB URL GET HTTP/3 www.gstatic.com/recaptcha/api2/logo_48.png
IP 142.250.74.35:443
Requested by https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf0TFInAAAAAAoVjcAs4JrtvJtta3-uUtuXRy0V&co=aHR0cDovLzQ0LjIwNC4xOC45NDo4MA..&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=qysawfrrjckl
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint (SHA-1) E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced; data
Hash MD5 ef9941290c50cd3866e2ba6b793f010d
Hash SHA-1 4736508c795667dcea21f8d864233031223b7832
Hash SHA-256 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:37:43 GMT
expires: Wed, 06 Dec 2023 21:37:43 GMT
cache-control: public, max-age=604800
age: 174681
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
i.ytimg.com/vi/n9QWnlXARD8/default.jpg?sqp=-oaymwEkCHgQWvKriqkDGvABAfgB1AaAAuADigIMCAAQARgwIEQofzAP&rs=AOn4CLC0Z1Zfxg2AQ7mDY-OyCSBr9f1PMA
142.250.74.182 200 OK 2.2 kB URL GET HTTP/2 i.ytimg.com/vi/n9QWnlXARD8/default.jpg?sqp=-oaymwEkCHgQWvKriqkDGvABAfgB1AaAAuADigIMCAAQARgwIEQofzAP&rs=AOn4CLC0Z1Zfxg2AQ7mDY-OyCSBr9f1PMA
IP 142.250.74.182:443
Requested by https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Certificate Issuer Google Trust Services LLC
Subject edgestatic.com
Fingerprint (SHA-1) C8:30:4C:1A:A8:FF:83:E1:A2:7F:DB:02:8C:D9:05:46:C4:D6:CA:95
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x90, components 3; data
Hash MD5 e724971dac6015e50cc0b4f4e0b459c9
Hash SHA-1 b4e4daffc01b3cf166c5d4149f80330d1ad12d3c
Hash SHA-256 f13b599104bfcb4ddfd4f0187be82f6d50d74473814ade18a5ed152784a5560d
GET /vi/n9QWnlXARD8/default.jpg?sqp=-oaymwEkCHgQWvKriqkDGvABAfgB1AaAAuADigIMCAAQARgwIEQofzAP&rs=AOn4CLC0Z1Zfxg2AQ7mDY-OyCSBr9f1PMA HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 2201
date: Fri, 01 Dec 2023 22:09:04 GMT
expires: Sat, 02 Dec 2023 00:09:04 GMT
cache-control: public, max-age=7200
etag: "1691791587"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/remote.js
142.250.74.46 200 OK 34 kB URL GET HTTP/3 www.youtube.com/s/player/31e0b6d9/player_ias.vflset/en_US/remote.js
IP 142.250.74.46:443
Requested by https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint (SHA-1) 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type ASCII text, with very long lines (537)
Hash MD5 63aa8296f70f3dcbf8b5df6faf8d46c3
Hash SHA-1 2494976b44b1d3ec3b5825297e243679e7cca1dd
Hash SHA-256 869da04350e0925de923dd2c39c41d18ba0625e3541bd5059ed5a611550552b6
GET /s/player/31e0b6d9/player_ias.vflset/en_US/remote.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 33484
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:32:21 GMT
expires: Fri, 29 Nov 2024 04:32:21 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Nov 2023 03:10:29 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 149803
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/js/th/iPEf94t7kg41AT9t4roGKH7lRPlVKxurQ2Q3DUZ2d_o.js
142.250.74.132 200 OK 15 kB URL GET HTTP/3 www.google.com/js/th/iPEf94t7kg41AT9t4roGKH7lRPlVKxurQ2Q3DUZ2d_o.js
IP 142.250.74.132:443
Requested by https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint (SHA-1) 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type ASCII text, with very long lines (38778)
Hash MD5 611664198e75adad39f34b46876810f4
Hash SHA-1 e4a80a37ddbebff8794b6edcaa73e55152208f24
Hash SHA-256 88f11ff78b7b920e35013f6de2ba06287ee544f9552b1bab4364370d467677fa
GET /js/th/iPEf94t7kg41AT9t4roGKH7lRPlVKxurQ2Q3DUZ2d_o.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 15286
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 14:38:43 GMT
expires: Thu, 28 Nov 2024 14:38:43 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 06 Nov 2023 17:00:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 199821
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
172.217.21.170 200 OK 0 B URL OPTIONS HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 172.217.21.170:443
Requested by https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint (SHA-1) CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Fri, 01 Dec 2023 22:09:04 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
172.217.21.170 200 OK 114 B URL POST HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 172.217.21.170:443
Requested by https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint (SHA-1) CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type JSON data; ASCII text, with no line terminators
Hash MD5 f7fc6409ef530e845aa167e3c9aac867
Hash SHA-1 bd387fac9b234477cf64ead5151079e5266a4fc0
Hash SHA-256 42bc2250fdf96f46954c8fe7d32f1064d58b8f25e7b7181841b58643a905cd58
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 1311
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 01 Dec 2023 22:09:05 GMT
server: ESF
cache-control: private
content-length: 114
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-0345ad6.js
104.18.70.113 200 OK 52 kB URL GET HTTP/2 static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-0345ad6.js
IP 104.18.70.113:443
Certificate Issuer Let's Encrypt
Subject zdassets.com
Fingerprint (SHA-1) 5F:75:10:F4:97:EA:C8:48:F9:4F:E6:19:19:A3:13:24:44:C1:E7:3C
Validity Mon, 23 Oct 2023 13:35:25 GMT - Sun, 21 Jan 2024 13:35:24 GMT
File type ASCII text, with very long lines (65307)
Hash MD5 b8284a4b45e40625c2b90a641ebe4a68
Hash SHA-1 8285ea200e6679b92b07818033ee54199ccc13d5
Hash SHA-256 965cba95c928e95003ce37271090406eaa7d5c2d955230a785b2b3be8a9a17f5
GET /web_widget/classic/latest/web-widget-chat-sdk-0345ad6.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 22:09:05 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: Ad9v/8JLxvkhVxv6lGIgKq+X+Yu/pujiWIV9tvuMWaAhnzcHDXExlB1L5zBSuH5dZA74xm8wuLxUr39uMsMNYg==
x-amz-request-id: 5NGAHHY8W9D8PRQ9
x-amz-replication-status: COMPLETED
last-modified: Mon, 06 Nov 2023 00:49:00 GMT
etag: W/"b8284a4b45e40625c2b90a641ebe4a68"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Tue, 05 Nov 2024 00:48:59 GMT
x-amz-version-id: o7xvdt2jCIx0Amjxg6egfD1YDavsv5SR
cf-cache-status: HIT
age: 837055
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uqEQRTOFxPXROZ6CXN5AYGGLEGRRPvE7qpm7n049OkMAFhEldBCdJDIlBD8cF7LEFP1tzxCZ1UwKwbwTo0AltRxHiHNuT3AzF10r3A7dN%2FmCGm4m58VRcZHdbMVdqHBpp5KKZDQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 82eea707095f5689-OSL
content-encoding: br
X-Firefox-Spdy: h2
yt3.ggpht.com/DZWdhhcgNaZwOzYS0BCvPG_MVcRloYw0mqw2n1UAlxZ2KHXWj9buTAZqUZK6IftDBucsQQ6a=s68-c-k-c0x00ffffff-no-rj
142.250.74.161 200 OK 1.7 kB URL GET HTTP/2 yt3.ggpht.com/DZWdhhcgNaZwOzYS0BCvPG_MVcRloYw0mqw2n1UAlxZ2KHXWj9buTAZqUZK6IftDBucsQQ6a=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:443
Requested by https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Certificate Issuer Google Trust Services LLC
Subject *.googleusercontent.com
Fingerprint (SHA-1) 2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
Validity Mon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 68x68, components 3; data
Hash MD5 5f3c64d47c10694ca2e1f8b4e2ae8a21
Hash SHA-1 1b5b837abb859f57ee7a69acb2796d4bdd8a6b38
Hash SHA-256 dce6cd4725e89596e0edd4900b36d5b4e20e861ccdacb5f87f15f297d2758f0d
GET /DZWdhhcgNaZwOzYS0BCvPG_MVcRloYw0mqw2n1UAlxZ2KHXWj9buTAZqUZK6IftDBucsQQ6a=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
etag: "v1"
expires: Sat, 02 Dec 2023 22:09:05 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="channels4_profile.jpg"
x-content-type-options: nosniff
date: Fri, 01 Dec 2023 22:09:05 GMT
server: fife
content-length: 1724
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
widget-mediator.zopim.com/s/W/ws/3aydRZrWBLU7fflp/c/1701468550124
18.193.169.44 0 B URL widget-mediator.zopim.com/s/W/ws/3aydRZrWBLU7fflp/c/1701468550124
IP 18.193.169.44:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/W/ws/3aydRZrWBLU7fflp/c/1701468550124 HTTP/1.1
Host: widget-mediator.zopim.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://44.204.18.94
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6QJ7iLoidP4XD6G+94iSJg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Fri, 01 Dec 2023 22:09:05 GMT
Connection: upgrade
Set-Cookie: AWSALB=FdVMOy0zh1xC2dFIb/NII+fhPR8Bx3u/mKWSJEzQi/yIHHctj2pMdnWOONlav88JNTBcn9sx7ZVuw+QuNJH9mb+KQdb708Bv1AKKPsn9deWQ4o0HpNcSUXidm19T; Expires=Fri, 08 Dec 2023 22:09:05 GMT; Path=/
AWSALBCORS=FdVMOy0zh1xC2dFIb/NII+fhPR8Bx3u/mKWSJEzQi/yIHHctj2pMdnWOONlav88JNTBcn9sx7ZVuw+QuNJH9mb+KQdb708Bv1AKKPsn9deWQ4o0HpNcSUXidm19T; Expires=Fri, 08 Dec 2023 22:09:05 GMT; Path=/; SameSite=None; Secure
Upgrade: websocket
Sec-WebSocket-Accept: X3IiLyCNw0dukti9eyzTl2iYFAQ=
Sec-WebSocket-Version: 13
WebSocket-Server: uWebSockets
static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3
104.18.70.113 206 Partial Content 20 kB URL GET HTTP/2 static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3
IP 104.18.70.113:443
Certificate Issuer Let's Encrypt
Subject zdassets.com
Fingerprint (SHA-1) 5F:75:10:F4:97:EA:C8:48:F9:4F:E6:19:19:A3:13:24:44:C1:E7:3C
Validity Mon, 23 Oct 2023 13:35:25 GMT - Sun, 21 Jan 2024 13:35:24 GMT
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo; data
Hash MD5 f11ce9e8f40a392830217253fe75d6de
Hash SHA-1 89ba57fcc360da34756c127acba15a8b23267fc6
Hash SHA-256 05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee
GET /web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3 HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 206 Partial Content
date: Fri, 01 Dec 2023 22:09:05 GMT
content-type: audio/mpeg; charset=utf-8
content-length: 19698
x-amz-id-2: u4rjVl6bznOFELXxWcdEy4cxf3HS8QD5+1jVYrU8pTGZTnnUMyhwdvSjilQjVnwTrzYblOccmBE=
x-amz-request-id: HT3YBWDSMX7GGWKJ
x-amz-replication-status: COMPLETED
last-modified: Tue, 26 Sep 2023 06:59:46 GMT
etag: "f11ce9e8f40a392830217253fe75d6de"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 25 Sep 2024 06:59:45 GMT
x-amz-version-id: 7mQmj5CjPPHXphZWB9MwFHsB8G6GZRZR
cf-cache-status: HIT
age: 483919
content-range: bytes 0-19697/19698
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vpiuZ0kqw9UdyiGUtLOy4nDqWaFZpT7BhgG7rDtk4bgIdeHl1Xq1TAs41v82lSnCSGEPvO54DM0cys1P%2BGBCLiaifPErKdYnRH%2Bni2uGBSVJkBMaB3NtFpJNJDrksuD9W4egGDw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 82eea70bacc25689-OSL
X-Firefox-Spdy: h2
www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
142.250.74.46 200 OK 31 B URL POST HTTP/3 www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
IP 142.250.74.46:443
Requested by https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint (SHA-1) 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type JSON data; ASCII text
Hash MD5 5e1fa6fd9abd549a576f3f24b1d3c8d4
Hash SHA-1 d5335d7f7d33be6a0b663f03b2df4df2521c4a87
Hash SHA-256 d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Request-Time: 1701468551637
Content-Type: application/json
X-Goog-Visitor-Id: CgtPSElfWm1tMEdtNCj_sqmrBjIICgJOTxICEgA%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20231128.01.01
X-YouTube-Utc-Offset: 0
X-YouTube-Time-Zone: UTC
X-YouTube-Ad-Signals: dt=1701468548896&flash=0&frm=2&u_tz&u_his=2&u_h=1024&u_w=1280&u_ah=1024&u_aw=1280&u_cd=24&bc=23&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C0%2C0%2C0%2C0&vis=1&wgl=true&ca_type=image
Content-Length: 16215
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: br
date: Fri, 01 Dec 2023 22:09:06 GMT
server: scaffolding on HTTPServer2
content-length: 31
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+248; expires=Sun, 30-Nov-2025 22:09:06 GMT; path=/; domain=.youtube.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Dec 2023 22:09:06 GMT
cache-control: private
fonts.googleapis.com/css?family=Oswald:400,300,700
142.250.74.106 200 OK 621 B URL GET HTTP/2 fonts.googleapis.com/css?family=Oswald:400,300,700
IP 142.250.74.106:443
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint (SHA-1) CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type gzip compressed data, max compression; data
Hash MD5 18ead178ae20d0f63f0f84e148d5470f
Hash SHA-1 a7bd359ac1f94db05a0a6f1ac989925ad2bd6e0d
Hash SHA-256 98208330f9005fee549ca86cf7f846a2fd02f0fe0bcb5e03abb5ff94858a2eb4
GET /css?family=Oswald:400,300,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 01 Dec 2023 22:09:02 GMT
date: Fri, 01 Dec 2023 22:09:02 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.livesession.io/track.js
18.192.231.252 200 OK 46 kB URL GET HTTP/2 cdn.livesession.io/track.js
IP 18.192.231.252:443
Certificate Issuer Let's Encrypt
Subject cdn.livesession.io
Fingerprint (SHA-1) A3:36:41:B3:CC:2E:12:63:55:00:BF:10:67:4D:6A:32:CE:C5:19:4E
Validity Thu, 09 Nov 2023 14:40:11 GMT - Wed, 07 Feb 2024 14:40:10 GMT
File type Unicode text, UTF-8 text, with very long lines (65471)
Hash MD5 efeee0200c5e6e6995a7dc06fd6e4ac5
Hash SHA-1 0f05653f3d0a1d5b765f4167f2419ff9b36d1ed7
Hash SHA-256 f727582678241a9b9b212f8ff80287c6842b90cc44ded48673889dcad6360ebd
GET /track.js HTTP/1.1
Host: cdn.livesession.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://44.204.18.94/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
age: 98865
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
content-encoding: br
content-type: application/javascript; charset=UTF-8
date: Fri, 01 Dec 2023 22:09:08 GMT
etag: "973434170b4b9e61b9a20cd39132641e-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-nf-request-id: 01HGKPVB4QQ2FW03HPC1DVAKG8
content-length: 45752
X-Firefox-Spdy: h2
www2.mousestats.com/js/5/4/5445850209551115881.js?2835780
188.114.97.1 200 OK 5.7 kB URL GET HTTP/1.1 www2.mousestats.com/js/5/4/5445850209551115881.js?2835780
IP 188.114.97.1:80
File type ASCII text, with very long lines (641), with CRLF line terminators
Hash 30a0aa6a4ef1adf917de23142132752f
9859399991f6cfca83f0add53a4f328a7e4177e7
927fcf0deec299115dcd77b0cdb40a5d0ff0df662358691a2a9844a0b0b5487d
GET /js/5/4/5445850209551115881.js?2835780 HTTP/1.1
Host: www2.mousestats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:08 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=1800
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Powered-By: MouseStats
CF-Cache-Status: MISS
Last-Modified: Fri, 01 Dec 2023 22:09:08 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0TtSIapA83v6MkgL8UWkXVJNomB9%2FyiSwjpbyyk7pIqXEUQOolfiS64GwxM8bimqbvViS8ByS37xJ4RPsxoYLb8DDpWZyPotsEpRV9Ml9l86gQWnbAI28uQlYY5WY386X1esnM8w"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82eea71b8c405687-OSL
Content-Encoding: gzip
www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
142.250.74.46 200 OK 31 B URL POST HTTP/3 www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
IP 142.250.74.46:443
Requested by https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type JSON data, ASCII text
Hash 5e1fa6fd9abd549a576f3f24b1d3c8d4
d5335d7f7d33be6a0b663f03b2df4df2521c4a87
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Request-Time: 1701468562611
Content-Type: application/json
X-Goog-Visitor-Id: CgtPSElfWm1tMEdtNCj_sqmrBjIICgJOTxICEgA%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20231128.01.01
X-YouTube-Utc-Offset: 0
X-YouTube-Time-Zone: UTC
X-YouTube-Ad-Signals: dt=1701468548896&flash=0&frm=2&u_tz&u_his=2&u_h=1024&u_w=1280&u_ah=1024&u_aw=1280&u_cd=24&bc=23&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C0%2C0%2C0%2C0&vis=1&wgl=true&ca_type=image
Content-Length: 818
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: br
date: Fri, 01 Dec 2023 22:09:17 GMT
server: scaffolding on HTTPServer2
content-length: 31
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+610; expires=Sun, 30-Nov-2025 22:09:17 GMT; path=/; domain=.youtube.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Dec 2023 22:09:17 GMT
cache-control: private
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-0345ad6.js
104.18.70.113 200 OK 26 kB URL GET HTTP/2 static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-0345ad6.js
IP 104.18.70.113:443
Certificate Issuer Let's Encrypt
Subject zdassets.com
Fingerprint 5F:75:10:F4:97:EA:C8:48:F9:4F:E6:19:19:A3:13:24:44:C1:E7:3C
Validity Mon, 23 Oct 2023 13:35:25 GMT - Sun, 21 Jan 2024 13:35:24 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /web_widget/classic/latest/web-widget-locales/classic/en-us-json-0345ad6.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 22:09:05 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: 30QD48lw+Xk4Za/KTs3qUzuf+pyeSSso8S0TOdNcnw7ByTmU4mh5Pd0VGfA/Y4mrlADYzA+RWgM=
x-amz-request-id: XMH8WHSS3SHAKJMK
x-amz-replication-status: COMPLETED
last-modified: Mon, 06 Nov 2023 00:49:02 GMT
etag: W/"6eb45e96a7cbb4b8ca10897f3cf09981"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Tue, 05 Nov 2024 00:49:01 GMT
x-amz-version-id: I_EA8shgdUVnTYVtPsngXZhS4fZlnaal
cf-cache-status: HIT
age: 831561
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qrbmGHe4hYTZqecGOZbHxgLy0i9MCOPvcADDowy7cxd65yIa%2B2QZc7Ay%2FVkc7gfj8USvVKFawk6SnCDlqG08EJEl05GlPKQoXACHB4pNczRiGCYIGcK9%2BpzlzCLYZKwF0aokspY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 82eea706c9345689-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/classic/latest/web-widget-chat-incoming-message-notification-0345ad6.js
104.18.70.113 200 OK 236 B URL GET HTTP/2 static.zdassets.com/web_widget/classic/latest/web-widget-chat-incoming-message-notification-0345ad6.js
IP 104.18.70.113:443
Certificate Issuer Let's Encrypt
Subject zdassets.com
Fingerprint 5F:75:10:F4:97:EA:C8:48:F9:4F:E6:19:19:A3:13:24:44:C1:E7:3C
Validity Mon, 23 Oct 2023 13:35:25 GMT - Sun, 21 Jan 2024 13:35:24 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 22a5acf27bb842f36bad907e5eab9d27
834424a0805a056b46506d5e2dd1013cc46c6ec5
4115d64c5d796d81a67b09af1ee3e5427a1e4f67419850a8292fe0f77072502b
GET /web_widget/classic/latest/web-widget-chat-incoming-message-notification-0345ad6.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 22:09:05 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: PAYiUNENTTH0majCpr8vd63fchQ57pePYwSKQtjrr4rGQG0eCIXiyQNC5eYdhXA0Tze9Fl7TM6DqkmCVhM1TVA==
x-amz-request-id: TNT99ZPW14DKR3S0
x-amz-replication-status: COMPLETED
last-modified: Mon, 06 Nov 2023 00:49:00 GMT
etag: W/"77bb07ca171e3ff2b72a7dafa7822bc8"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Tue, 05 Nov 2024 00:48:59 GMT
x-amz-version-id: rT8m_K3LhMtAQDCRs.j5_bAXeWIPQepL
cf-cache-status: HIT
age: 73977
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fCYjq2Pwa0Qkis%2B6yFvd64h7QjNmHKUIhJOK2Usca53bfNkljhNprqhF1lbnTSUjsylovneWiqtqMGwoutgyshxGenUphDgvDIVlo7zdimTO5ag7aNjgdclyjGNBu8YCjMX4ePE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 82eea70aec315689-OSL
content-encoding: br
X-Firefox-Spdy: h2
ekr.zdassets.com/compose/zopim_chat/1ECbiFQP44Xlu7TjvPRUeqk8d8IGRoV7
104.18.72.113 200 OK 756 B URL GET HTTP/2 ekr.zdassets.com/compose/zopim_chat/1ECbiFQP44Xlu7TjvPRUeqk8d8IGRoV7
IP 104.18.72.113:443
Certificate Issuer Let's Encrypt
Subject zdassets.com
Fingerprint 5F:75:10:F4:97:EA:C8:48:F9:4F:E6:19:19:A3:13:24:44:C1:E7:3C
Validity Mon, 23 Oct 2023 13:35:25 GMT - Sun, 21 Jan 2024 13:35:24 GMT
File type troff or preprocessor input, ASCII text, with very long lines (852), with no line terminators
Hash a018ebd641240c6e7bd2e4350254ba53
d02411f9f54327216c73f6243e352429b5a7f4c7
3063bc46d22a721ff41e1cb3bbd61cff1f768293a9fe6a145750779d6c77ea58
GET /compose/zopim_chat/1ECbiFQP44Xlu7TjvPRUeqk8d8IGRoV7 HTTP/1.1
Host: ekr.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://44.204.18.94/
Origin: http://44.204.18.94
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 22:09:04 GMT
content-type: application/json; charset=utf-8
status: 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-expose-headers:
access-control-max-age: 7200
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cdn-cache-control: max-age=60
vary: Accept, Origin, Accept-Encoding
cache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
etag: W/"73c06784bee25db389d3a38ccfc1d1af"
x-request-id: 82ec18ec0b3d2788-SEA, 82ec18ec0b3d2788-SEA
x-runtime: 0.004290
x-zendesk-zorg: yes
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SwVV%2FUma1cSCKF0iitzxM0w3AGnZdHpp5zI2D1dXkeIKFcZ8GC5zCxIVIYkNFDqbafmWnrPI6iwbrvEo3dJqmC2FhPAma1lHPqOoVdj2d8QzyJZOoiAUGCBPluqm7yNsRW0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 82eea702be7656bf-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?render=6Lf0TFInAAAAAAoVjcAs4JrtvJtta3-uUtuXRy0V&ver=3.0
142.250.74.132 200 OK 884 B URL GET HTTP/2 www.google.com/recaptcha/api.js?render=6Lf0TFInAAAAAAoVjcAs4JrtvJtta3-uUtuXRy0V&ver=3.0
IP 142.250.74.132:443
Certificate Issuer Google Trust Services LLC
Subject www.google.com
Fingerprint B0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
Validity Mon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT
File type ASCII text, with very long lines (884), with no line terminators
Hash aefe5597ff2cfca71e4e99d69af01205
c19eb86a70f61569f731afd5204ae128d948738c
2d81d5a24d928df8b040b2a45fe0f0fb2359acfd474e0b50130b5be7fd8f0d41
GET /recaptcha/api.js?render=6Lf0TFInAAAAAAoVjcAs4JrtvJtta3-uUtuXRy0V&ver=3.0 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Fri, 01 Dec 2023 22:09:02 GMT
date: Fri, 01 Dec 2023 22:09:02 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
v2.zopim.com/?1ECbiFQP44Xlu7TjvPRUeqk8d8IGRoV7
104.16.238.62 302 Found 10 kB URL GET HTTP/2 v2.zopim.com/?1ECbiFQP44Xlu7TjvPRUeqk8d8IGRoV7
IP 104.16.238.62:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 64:84:01:52:66:5B:61:66:C8:F4:04:8C:95:BD:FA:3B:76:29:0D:83
Validity Sun, 30 Apr 2023 00:00:00 GMT - Mon, 29 Apr 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?1ECbiFQP44Xlu7TjvPRUeqk8d8IGRoV7 HTTP/1.1
Host: v2.zopim.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 01 Dec 2023 22:09:04 GMT
location: https://static.zdassets.com/ekr/asset_composer.js
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 82eea7017aa5b4f7-OSL
X-Firefox-Spdy: h2
rs.livesession.io/visitors/init?account_id=7ccbde80&website_id=ddf7789b
172.67.166.25 200 OK 55 B URL GET HTTP/2 rs.livesession.io/visitors/init?account_id=7ccbde80&website_id=ddf7789b
IP 172.67.166.25:443
Certificate Issuer Google Trust Services LLC
Subject livesession.io
Fingerprint E4:22:AE:85:9F:E9:8D:83:01:AE:33:EB:5B:28:57:F7:2C:2C:24:4E
Validity Tue, 31 Oct 2023 06:34:31 GMT - Mon, 29 Jan 2024 06:34:30 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 632ffa7d10c8b711f0ca50ff4babef8e
63cc1a42e9e07360a07f29baa7c509d9c0d476b5
e142839b1ee1aa9d3b55fc955e07d6785821b38f6722d4fa3c6e1b503a603a58
GET /visitors/init?account_id=7ccbde80&website_id=ddf7789b HTTP/1.1
Host: rs.livesession.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://44.204.18.94
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 22:09:08 GMT
content-type: application/json; charset=UTF-8
access-control-allow-credentials: true
access-control-allow-origin: http://44.204.18.94
vary: Origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wdMV5iR6OjGiTrrTkCJE667sO5gzqb8BiANKUgzpjU07FtTw1LTtqM2lsKuBOd4LwKYzkxHry0jZLWO2014kOOY4U8O%2Bdu7WRFYONICkV2iUNWDWKaT0vLQliTwK0oqR9wKzgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82eea71ba85c56b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.youtube.com/generate_204?W0_lCQ
142.250.74.46 204 No Content 0 B URL GET HTTP/3 www.youtube.com/generate_204?W0_lCQ
IP 142.250.74.46:443
Requested by https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /generate_204?W0_lCQ HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 204 No Content
content-length: 0
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 22:09:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
142.250.74.35 200 OK 56 kB URL GET HTTP/3 www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css
IP 142.250.74.35:443
Requested by https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf0TFInAAAAAAoVjcAs4JrtvJtta3-uUtuXRy0V&co=aHR0cDovLzQ0LjIwNC4xOC45NDo4MA..&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&cb=qysawfrrjckl
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (56398), with no line terminators
Hash eb4bc511f79f7a1573b45f5775b3a99b
d910fb51ad7316aa54f055079374574698e74b35
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
GET /recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24606
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 01 Dec 2023 14:05:21 GMT
expires: Sat, 30 Nov 2024 14:05:21 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
content-type: text/css
vary: Accept-Encoding
age: 29023
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.youtube.com/s/player/31e0b6d9/www-player.css
142.250.74.46 200 OK 388 kB URL GET HTTP/3 www.youtube.com/s/player/31e0b6d9/www-player.css
IP 142.250.74.46:443
Requested by https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Size 388 kB (387559 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/player/31e0b6d9/www-player.css HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/n9QWnlXARD8?rel=0&showinfo=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 48920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:32:12 GMT
expires: Fri, 29 Nov 2024 04:32:12 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Nov 2023 03:10:29 GMT
content-type: text/css
vary: Accept-Encoding, Origin
age: 149811
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
static.zdassets.com/web_widget/classic/latest/web-widget-main-0345ad6.js
104.18.70.113 200 OK 945 kB URL GET HTTP/2 static.zdassets.com/web_widget/classic/latest/web-widget-main-0345ad6.js
IP 104.18.70.113:443
Certificate Issuer Let's Encrypt
Subject zdassets.com
Fingerprint 5F:75:10:F4:97:EA:C8:48:F9:4F:E6:19:19:A3:13:24:44:C1:E7:3C
Validity Mon, 23 Oct 2023 13:35:25 GMT - Sun, 21 Jan 2024 13:35:24 GMT
Size 945 kB (944944 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /web_widget/classic/latest/web-widget-main-0345ad6.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 22:09:04 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: ZySt8kL6ROzjbORLYN+I+W/w/yJpdfSQoR8pczX7IS0KJ4757YvEDq2mRj/feQlz/RRnW6+iyR4=
x-amz-request-id: 5NG7YA8N871VD5J1
x-amz-replication-status: COMPLETED
last-modified: Mon, 06 Nov 2023 00:49:00 GMT
etag: W/"d21ab80a38e205ddac2cf2e5ff41ab5d"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Tue, 05 Nov 2024 00:48:59 GMT
x-amz-version-id: 4cbhc1.6rLf_h9ym68WJ6KIAscXI23.M
cf-cache-status: HIT
age: 757229
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6y9D856RrpaR46nKBU4MTPgO2del7aYqeLd2IL2U9gQJDY%2BpbOYyhuSPe0GGnZLByGxIpAmfk6vkjLKd7MSn65Wfdewu7kHh24v3vw4RzL4JNjY5Kcplv8Wqdskxep1blLKfd0M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 82eea7046f6f5689-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.zdassets.com/ekr/asset_composer.js
104.18.70.113 200 OK 10 kB URL GET HTTP/2 static.zdassets.com/ekr/asset_composer.js
IP 104.18.70.113:443
Certificate Issuer Let's Encrypt
Subject zdassets.com
Fingerprint 5F:75:10:F4:97:EA:C8:48:F9:4F:E6:19:19:A3:13:24:44:C1:E7:3C
Validity Mon, 23 Oct 2023 13:35:25 GMT - Sun, 21 Jan 2024 13:35:24 GMT
File type ASCII text, with very long lines (10187), with no line terminators
Hash 42d94c325a0b012e41f9c3907853625a
567dbe8e0b61115deb7c33947f706d4e51c3ab49
9f22f6e9d4852f8be0706b62fbd0eba20f6cb56171def5e387b2d95fcd07df01
GET /ekr/asset_composer.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://44.204.18.94/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 22:09:04 GMT
content-type: application/javascript
x-amz-id-2: qF3Dr+18l71kNwl/o1gxNKR01tF3+tvw2z8ph5AVonsmTb0i8srRHUJyo6TPJ7PjYB74Y88yfLU=
x-amz-request-id: T4XEH5EN07WEN8AH
x-amz-replication-status: COMPLETED
last-modified: Wed, 09 Aug 2023 01:01:02 GMT
etag: W/"42d94c325a0b012e41f9c3907853625a"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600, s-maxage=60
x-amz-version-id: UVyRrNCT14O0dfFWDj2LMoXLPgAxLFso
cf-cache-status: HIT
age: 55
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j1sYjLCyhxmoHHEO1ohauXyKLClhm65RiRWAyLib6ssLz3a%2BasAgEJFrZ840kvGJEqcsY2uMyi1VmMwYdp2d7kPaBxHn6%2B7dJNvARIXWxEILqyLh1%2F4cqcYrMwk72KSAy7%2F4KLU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 82eea701ddbf5689-OSL
content-encoding: br
X-Firefox-Spdy: h2
44.204.18.94/wp-content/themes/paycron/images/preventchargebackebook.jpg
44.204.18.94 200 OK 19 kB URL GET HTTP/1.1 44.204.18.94/wp-content/themes/paycron/images/preventchargebackebook.jpg
IP 44.204.18.94:80
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 570x199, components 3
Hash 0223cd296f1589e38fcc45fda4d5cf04
a6aed43d132b4f946577fb3cb362210de0151106
f7b38fd7ba67d599c153910337e98887b76e5854ed1bf2b2e91a2473a227cd2a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/themes/paycron/images/preventchargebackebook.jpg HTTP/1.1
Host: 44.204.18.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://44.204.18.94/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 22:09:03 GMT
Server: Apache/2.4.58 () OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 08 Nov 2023 11:12:35 GMT
ETag: "48ad-609a22a13a28a"
Accept-Ranges: bytes
Content-Length: 18605
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg
widget-mediator.zopim.com/s/W/ws/3aydRZrWBLU7fflp/c/1701468550124
18.193.169.44 101 Switching Protocols 0 B URL GET HTTP/1.1 widget-mediator.zopim.com/s/W/ws/3aydRZrWBLU7fflp/c/1701468550124
IP 18.193.169.44:443
Certificate Issuer Amazon
Subject *.zopim.com
Fingerprint 3D:9B:0C:BE:81:D4:7E:DE:86:28:44:DB:EC:B7:0B:A0:77:16:4D:BC
Validity Sun, 08 Oct 2023 00:00:00 GMT - Wed, 06 Nov 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/W/ws/3aydRZrWBLU7fflp/c/1701468550124 HTTP/1.1
Host: widget-mediator.zopim.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://44.204.18.94
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6QJ7iLoidP4XD6G+94iSJg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Fri, 01 Dec 2023 22:09:05 GMT
Connection: upgrade
Set-Cookie: AWSALB=FdVMOy0zh1xC2dFIb/NII+fhPR8Bx3u/mKWSJEzQi/yIHHctj2pMdnWOONlav88JNTBcn9sx7ZVuw+QuNJH9mb+KQdb708Bv1AKKPsn9deWQ4o0HpNcSUXidm19T; Expires=Fri, 08 Dec 2023 22:09:05 GMT; Path=/
Set-Cookie: AWSALBCORS=FdVMOy0zh1xC2dFIb/NII+fhPR8Bx3u/mKWSJEzQi/yIHHctj2pMdnWOONlav88JNTBcn9sx7ZVuw+QuNJH9mb+KQdb708Bv1AKKPsn9deWQ4o0HpNcSUXidm19T; Expires=Fri, 08 Dec 2023 22:09:05 GMT; Path=/; SameSite=None; Secure
Upgrade: websocket
Sec-WebSocket-Accept: X3IiLyCNw0dukti9eyzTl2iYFAQ=
Sec-WebSocket-Version: 13
WebSocket-Server: uWebSockets
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.2.0/fonts/fontawesome-webfont.woff?v=4.2.0
104.17.24.14 200 OK 66 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.2.0/fonts/fontawesome-webfont.woff?v=4.2.0
IP 104.17.24.14:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type Web Open Font Format, TrueType, length 65452, version 1.0
Hash d95d6f5d5ab7cfefd09651800b69bd54
7d65e0227d0d7cdc1718119cd2a7dce0638f151c
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
GET /ajax/libs/font-awesome/4.2.0/fonts/fontawesome-webfont.woff?v=4.2.0 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://44.204.18.94
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 01 Dec 2023 22:09:03 GMT
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: W/"5eb03e5f-ffac"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 655967
expires: Wed, 20 Nov 2024 22:09:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T0m8Qkn4vEW4%2FW6IF51UhzRB8kdU8wDRbhj1ke15UuX%2FHczXImRpFuGk7ks8BSXHkDdgWk9v7zM2PoGccZrugNHFlMrxwllAJYS738OiYFZOTF3Y4kIGcjRo3nJ7CFWyl2tABYfo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82eea6fbe9d67130-OSL
alt-svc: h3=":443"; ma=86400